ClamAV versions up to 0.88.3 DoS

Published: 2006-08-07
Last Updated: 2006-08-08 00:15:14 UTC
by Jim Clausing (Version: 3)
0 comment(s)
A Secunia bulletin earlier today alerted us to a potential denial of service in the popular open-source anti-virus package ClamAV.  The vulnerability is in the pefromupx() routine for unpacking a UPX packed PE executable.  The advisory states that all versions up to, and including, 0.88.4 are vulnerable.  The front page of states that the latest stable version is 0.88.4, but the "stable" page only mentions 0.88.3 released last month.  The sourceforge download page lists a clamav-0.88.4.tar.gz (and .sig), but at the time of this writing, actually clicking on the link results in a "file not found" error.  So, it looks like they are scrambling to fix this one and the new version should be available shortly.

Update: (2006-08-08 00:10) The tarball is available now as is a proof-of-concept.

Jim Clausing,  jclausing --at--
0 comment(s)


Diary Archives